With so many people working remotely, cybersecurity has never been as challenging as it is now. Consider a recent survey by TrendMicro that highlights the weakness of cybersecurity: the human factor. The security company, which makes popular anti-virus software, asked more than 13,000 employees who are working from home for about their cybersecurity knowledge and habits.
Our team at Centerpoint IT works with every client to ensure employees are properly trained and understand the risks of a cybersecurity breach.
How Employees Feel About Cybersecurity
At first glance, the replies are heartening. 75% of the people who responded were more aware of the concept than they were before the pandemic, and 81% of respondents believe that security falls within their responsibility. Yet it quickly becomes evident that dissonance exists between this awareness and employees’ actions when it comes to cybersecurity.
Almost as many people who recognize that installing other software to a company-provided device is a risk (64%) admitted to installing unauthorized software (56%). More startling, almost two-thirds of workers who did so revealed that they uploaded data related to work to those apps. Despite being provided devices by their employers, 39% of survey takers admitted to either often or always using work data on their personal devices.
The survey didn’t ask about networks specifically, but they pose yet another problem. Even if people don’t cobble together solutions on personal devices rather than working with approved hardware and software, they may be working from an insecure home network. Many companies require employees to use VPNs to protect sensitive data, but even controlling the hardware, software, and network only goes so far when it comes to cybersecurity if users bypass recommended security measures.
Why Awareness and Actions Differ
Although some people argue that employees simply don’t care about cybersecurity, at least not enough for their actions to match their awareness of their responsibilities, there are other factors as work. For instance, some people replied that they used other software because they did not like the solutions provided to them by their employers. It may be that companies have had to adopt new software and procedures to allow their employees to work remotely, and these changes make it more challenging to accomplish work-related tasks. Alternatively, software that is adequate in the workplace may struggle when using slower personal networks, especially when combined with a VPN for security. If security measures hinder usability, remote workers may choose not to abide by them.
Furthermore, some people may ignore security protocols when working from home because they have other responsibilities. Because schools and childcare providers are closed, parents have to balance both work and parenting, which may leave them distracted from their work or looking for ways to save time. Both of these things can result in remote workers skipping security measures, either purposely or accidentally.
Improving Adherence to Rules
What can companies that want to increase security measures take out of this survey? No matter why remote workers don’t comply with cybersecurity practices, it’s clear that it’s not a lack of knowledge. The report by TrendMicro concluded that companies need to do more than spread awareness. TrendMicro’s principal security strategist., Bharat Mistry, explained how companies could tailor security solutions to best match employee personality and values to increase compliance.
Mistry also noted that it’s important not to penalize all employees, including those who may be following security protocols, just because some employes ignore the rules. Instead, companies may need to work with specific individuals who ignore these protocols.
Although the sudden adjustment to a home-based workforce comes with frustrations, it presents an opportunity for more flexibility in the workplace. Companies that employ flexible and creative solutions to cybersecurity may finally be able to increase employee compliance and reduce risk.